I set up SSL with cert-manager on DigitalOcean Kubernetes. The certs were being issued until I decided to add two subdomains to my ingress rules; there are already about 4 existing ones.
When I apply the ingress rules, it returns the following error:
E1208 13:37:06.384727 1 sync.go:184] cert-manager/controller/challenges “msg”=“propagation check failed” “error”=“DNS record for “subdomain.example.io” not yet propagated” “dnsName”=“subdomain.example.io” “resource_kind”=“Challenge” “resource_name”=“example-letsencrypt-certificate-4047343803-758986247-1121119393” “resource_namespace”=“production” “type”=“dns-01”
I’m seeing DNS issues as well while provisioning certificates. My error is a little different though:
E1208 17:17:56.932846 1 sync.go:183] cert-manager/controller/challenges “msg”=“propagation check failed” “error”=“failed to perform self check GET request ‘http://www.example.ca/.well-known/acme-challenge/vPtOMYti6WOT7K7rCLNm8pod8EYL-o1t2wZyH1kK8sw’: Get “http://www.example.ca/.well-known/acme-challenge/vPtOMYti6WOT7K7rCLNm8pod8EYL-o1t2wZyH1kK8sw”: dial tcp: lookup www.example.ca on 10.245.0.10:53: no such host” “dnsName”=“www.example.ca” “resource_kind”=“Challenge” “resource_name”=“tls-certificates-gnkz7-1311519961-2702591492” “resource_namespace”=“default” “resource_version”=“v1” “type”=“HTTP-01”
The record works on my standalone droplet, and outside of DO. It does not seem to work from within the cluster from an Ubuntu pod.
root@my-shell-6f49bbd6bd-m4nfc:/# nslookup www.example.ca
Server: 10.245.0.10
Address: 10.245.0.10#53

** server can't find www.example.ca: NXDOMAIN
(www.example.ca is a stand-in for my actual DNS record)
OP, did you track down the root cause?
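
A triage sketch for the two log lines quoted in this thread, added here as an example (it is not from either poster and is not cert-manager code). It separates a dns-01 "not yet propagated" failure from a self check whose resolver lookup failed, and extracts the resolver address to test next. The sample lines are constructed from the errors above; the backslash-escaped inner quotes, the `TOKEN` placeholder and the cause labels are assumptions.

```python
import re

# klog-style "key"="value" pairs; a value may contain backslash-escaped quotes.
PAIR = re.compile(r'"(\w+)"="((?:[^"\\]|\\.)*)"')
# Go resolver error embedded in the self-check failure.
LOOKUP = re.compile(r'lookup (\S+) on (\d{1,3}(?:\.\d{1,3}){3}):(\d+): (.+)$')

# Constructed sample lines modelled on the two errors in this thread
# (token replaced by TOKEN, inner quotes assumed to be backslash-escaped).
DNS01_LINE = r'''E1208 13:37:06.384727 1 sync.go:184] cert-manager/controller/challenges "msg"="propagation check failed" "error"="DNS record for \"subdomain.example.io\" not yet propagated" "dnsName"="subdomain.example.io" "resource_kind"="Challenge" "resource_namespace"="production" "type"="dns-01"'''
HTTP01_LINE = r'''E1208 17:17:56.932846 1 sync.go:183] cert-manager/controller/challenges "msg"="propagation check failed" "error"="failed to perform self check GET request 'http://www.example.ca/.well-known/acme-challenge/TOKEN': Get \"http://www.example.ca/.well-known/acme-challenge/TOKEN\": dial tcp: lookup www.example.ca on 10.245.0.10:53: no such host" "dnsName"="www.example.ca" "resource_kind"="Challenge" "resource_namespace"="default" "type"="HTTP-01"'''


def parse_fields(line):
    """Return the key/value pairs of one log line with escaped quotes restored."""
    return {k: v.replace('\\"', '"') for k, v in PAIR.findall(line)}


def triage(line):
    """Classify a 'propagation check failed' line; None for other lines."""
    f = parse_fields(line)
    if f.get("msg") != "propagation check failed":
        return None
    out = {
        "dnsName": f.get("dnsName"),
        "type": f.get("type", "").lower(),
        "namespace": f.get("resource_namespace"),
    }
    err = f.get("error", "")
    m = LOOKUP.search(err)
    if m:
        # The resolver named in the error could not resolve the host.
        out.update(cause="resolver-lookup-failed", resolver=m.group(2),
                   port=int(m.group(3)), reason=m.group(4))
    elif "not yet propagated" in err:
        # dns-01: the challenge record is not visible to the propagation check.
        out["cause"] = "dns01-record-not-visible"
    else:
        out.update(cause="other", reason=err)
    return out


if __name__ == "__main__":
    for sample in (DNS01_LINE, HTTP01_LINE):
        print(triage(sample))
```

For a `resolver-lookup-failed` result, the `resolver` field is the address to query from inside a pod, as the `nslookup` session above does against 10.245.0.10.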